JR/T 0289-2024
Open Source Technology for the Financial Industry Terminology (English Version)

Standard No.: JR/T 0289-2024
Language: Chinese, available in English version
Release Date: 2024
Published By: Professional Standard - Finance
Latest: JR/T 0289-2024

Introduction

Core value and development background of the standard

Development of this standard was led by the Science and Technology Department of the People's Bank of China, jointly with more than 20 institutions including Industrial and Commercial Bank of China and China UnionPay. It is the first systematic construction of an open source technology concept system for the financial industry, containing 6 categories and 56 terms. The main reasons for issuing it were:

  • Terminology confusion: Different institutions understand concepts such as open source components and derivatives differently
  • Compliance risks: License compatibility issues lead to a 35% annual increase in legal disputes
  • Supply chain risks: 78% of open source vulnerability incidents in the financial industry in 2022 were related to misunderstood terminology

Analysis of key terminology system

| Classification | Core terms | Special definitions for the financial industry |
|---|---|---|
| Basic class | Open source technology | Explicitly includes indirect introduction forms such as cloud services |
| Rule class | Copyright license | Emphasis on the mandatory open source requirement for derivatives |
| Technology category | Internal source | Define the internal collaboration mechanism of financial institutions |

Three-dimensional model of license management

Typical conflict case

When a bank mixed GPLv3 components with Apache 2.0 code during development, the product release was blocked by license compatibility issues. Clause 3.4.10 of this standard clarifies:

  1. Derivatives of works under copyleft licenses (such as GPL) must be open source
  2. Permissive licenses (such as MIT) allow closed source commercial use
  3. Mixed development requires component analysis (3.4.7)

Supply Chain Risk Management Framework

Based on clauses 3.4.19-3.4.20, financial institutions are advised to establish:

| Phase | Control Point | Tool |
|---|---|---|
| Introduction | Trusted Source Verification (3.6.9) | SBOM Generation Tool |
| Use | Community maturity monitoring (3.4.1) | Code activity analysis platform |
| Exit | Service suspension warning (3.1.15) | EOL tracking system |

Implementation suggestions

  1. Term mapping: Establish an enterprise-level terminology comparison table (such as unifying "fork" as fork)
  2. Process embedding: Clarify license terms in procurement contracts (3.6.2)
  3. Capacity building: Conduct regular open source compliance training (focus on section 3.2)
  4. Tool chain: Deploy component analysis tools (3.4.6) to achieve automated detection

JR/T 0289-2024 history

  • 2024 JR/T 0289-2024 Open Source Technology for the Financial Industry Terminology